A Recovery Approach for SQLite History Recorders from YAFFS2

نویسندگان

  • Beibei Wu
  • Ming Xu
  • Haiping Zhang
  • Jian Xu
  • Yizhi Ren
  • Ning Zheng
چکیده

Nowadays, forensic on flash memories has drawn much attention. In this paper, a recovery method for SQLite database history records (I.e. updated and deleted records) form YAFFS2 is proposed. Based on the out-of-place-write strategies in NAND flash memory required by YAFFS2, the SQLite history recorders can be recovered and ordered into timeline by their timestamps. The experiment results show that the proposed method can recover the updated or deleted records correctly. Our method can help investigators to find the significant information about user actions in Android smart phones by these history recorders, although they seem to have been disappeared or deleted.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Reconstructing Android User Behavior Approach based on YAFFS2 and SQLite

Nowadays, a variety of Android user behavior information is automatically stored in SQLite to indicate when and what user behavior took places. In this paper, an approach to reconstruct Android user behavior from YAFFS2 based on SQLite is proposed. Based on the storage mechanism of YAFFS2 file system and the file structures of SQLite, all of the SQLite records can be recovered from the Android ...

متن کامل

Reconstructing Fragmented YAFFS2 Files for Forensic Analysis

Data recovery from captured intelligent mobile devices such as smartphones plays a significant role in digital forensic analysis. In this paper, we study the main characteristics of NAND flash and YAFFS2 file systems and explore the method for recovering YAFFS2 files for forensic analysis based on Tnode tree that can save a lot of time compared to other data recovery methods. For any broken fil...

متن کامل

Design of Embedded Database Based on Hybrid Storage of PRAM and NAND Flash Memory

Andorid which is the popular smart phone OS uses a database system to manage its private data storage. Although the database system supports a powerful and lighteweight database engine, its performance is limited by a single storage media, NAND flash memory, and a single file system, YAFFS2. In this paper, we propose a new embedded database system based on hybrid storage of PRAM and NAND flash ...

متن کامل

Resolving journaling of journal anomaly in android I/O: multi-version B-tree with lazy split

Misaligned interaction between SQLite and EXT4 of the Android I/O stack yields excessive random writes. In this work, we developed multi-version B-tree with lazy split (LS-MVBT) to effectively address the Journaling of Journal anomaly in Android I/O. LS-MVBT is carefully crafted to minimize the write traffic caused by fsync() call of SQLite. The contribution of LS-MVBT consists of two key eleme...

متن کامل

SQL Statement Logging for Making SQLite Truly Lite

The lightweight codebase of SQLite was helpful in making it become the de-facto standard database in most mobile devices, but, at the same time, forced it to take lesscomplicated transactional schemes, such as physical page logging, journaling, and force commit, which in turn cause excessive write amplification. Thus, the write IO cost in SQLite is not lightweight at all. In this paper, to make...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2013